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(57) The present invention relates to an information 
processing apparatus allowing proper communication 
with a communication partner in accordance with a com- 
munication time of the communication partner. A recep- 
tion control unit 41 receives a random challenge (RC) 
from a transmission terminal 1 1 and supplies it to a gen- 
eration unit 42. The reception control unit 41 transmits 
an RC reception message indicating an RC reception to 
a transmission side. The generation unit 42 executes a 
Hash process relative to RC and supplies resultant au- 



thentication data to a generation unit 43. A transmission 
control unit 44 controls the generation unit 43 at a timing 
before a response request command from the transmis- 
sion side is received, to make the generation unit 43 gen- 
erate a response message containing authentication da- 
ta corresponding to the response request command, and 
when the response request command is received, trans- 
mits the response message to a transmission destination 
terminal. The present invention is applicable to a content 
providing system. 
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Description 

Field of the Invention 

[0001] The present invention relates to information 
processing apparatus and method, a recording medium 
and a program, and more particularly to an information 
processing apparatus capable of properly measuring a 
time taken to reach a communication partner, and to an 
information processing method, a recording medium and 
a program. 

Background Art 

[0002] Recently, widespreading networks, such as a 
network (hereinafter called WAN (Wide Area Network)) 
typically represented by the Internet, which is publicly 
used over a wide area and a network (hereinafter called 
LAN (Local Area Network) which is installed in ordinary 
houses or the like and used locally, various data com- 
munications via these networks, are mainstream. 
[0003] When image content, music content and the like 
are transmitted over a network, authentication and key 
exchange are performed for a communication partner 
and the content is enciphered and transmitted (refer to 
the following document). 

[0004] DTCP Specification Volume 1 Version 1.3 (In- 
formation Version) http://www.dtcp.com/daTa/info_ 
200401 07_dtcp_Vo_1 _1 p3.pdf 

[0005] There arises herein the case that although copy 
and transmission in a home are permitted, content trans- 
mission to another home connected to WAN is restricted 
from the viewpoint of copyrights. For example, although 
a content of recorded television broadcast can be used 
if only it is used privately (in a home), if the content is 
transmitted via the Internet to a third party, it can be con- 
sidered that this infringes the copyright,, thus a restriction 
of this kind is therefore necessary. 
[0006] Under this restriction, an apparatus (transmit- 
ter) for transmitting a content protected under copyright 
is required to judge whether a communication partner 
apparatus (receiver) for receiving the content is in the 
same LAN or connected via WAN (the Internet). 
[0007] For example, whether the communication part- 
ner is connected via WAN (the Internet) can be known 
by checking from the IP address whether the communi- 
cation partner is in the same subnet or by using the 
number (Hop Count) of IP routers through which an IP 
communication packet passes. However, if technologies 
such as VPN (Virtual Private Network) are used, even 
communications via WAN (the Internet) can establish a 
connection like the same subnet connected without an 
IP router. Namely, the content can be improperly ac- 
quired. 

Disclosure of the Invention 

[0008] The present invention has been made in con- 



sideration of the above-described circumstances and 
aims to measure a communication distance based on a 
response time of a receiverto a predetermined command 
to thereby judge, e.g., whether or not the receiver is con- 
5 nected to the same LAN as that of the transmitter. 

[0009] A first information processing apparatus of the 
present invention is characterized by having: command 
transmission means for, after authentication data is gen- 
erated in accordance with shared data shared with a re- 
io ceiving apparatus, transmitting a command for request- 
ing for a response to the receiving apparatus; authenti- 
cation means for authenticating the receiving apparatus 
in accordance with an expected value generated based 
upon the shared data and the authentication data gen- 
's e rated at the receiving apparatus; measurement means 
for measuring a response time taken by the receiving 
apparatus to respond to the command; and judgment 
means for judging whether data transmission to the re- 
ceiving apparatus is granted or not, in accordance with 
an authentication result by the authentication means and 
the response time measured by the measurement 
means. 

[001 0] The command transmission means may trans- 
mit the command a maximum of N times to judge whether 
the data transmission is granted or not; and the authen- 
tication means may authenticate the receiving apparatus 
in accordance with the authentication data correspond- 
ing to a transmission sequence of the command and a 
corresponding one of the expected value. 
[0011] A first information processing method of the 
present invention is characterized by having: a command 
transmission step of, after authentication data is gener- 
ated in accordance with shared data shared with a re- 
ceiving apparatus, transmitting a command for request- 
ing for a response to the receiving apparatus; an authen- 
tication step of authenticating the receiving apparatus in 
accordance with an expected value generated based up- 
on the shared data and the authentication data generated 
at the receiving apparatus; a measurement step of meas- 
uring a response time taken by the receiving apparatus 
to respond to the command; and a judgment step of judg- 
ing whether data transmission to the receiving apparatus 
is granted or not, in accordance with an authentication 
result by the authentication step and the response time 
measured by the measurement step. 
[0012] A program of a first recording medium of the 
present invention is characterized by having: a command 
transmission control step of controlling, after authentica- 
tion data is generated in accordance with shared data 
shared with a receiving apparatus, transmission of a 
command for requesting for a response to the receiving 
apparatus; an authentication control step of controlling 
authentication of the receiving apparatus in accordance 
with an expected value generated based upon the shared 
data and the authentication data generated at the receiv- 
ing apparatus; a measurement control step of controlling 
measurement a response time taken by the receiving 
apparatus to respond to the command; and a judgment 
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control step of controlling judgment whether data trans- 
mission to the receiving apparatus Is granted or not, In 
accordance with an authentication result by the authen- 
tication control step and the response time measured by 
the measurement control step. 

[0013] A first program of the present invention makes 
a computer execute a process, the process characterized 
by having: a command transmission control step of con- 
trolling, after authentication data is generated in accord- 
ance with shared data shared with a receiving apparatus, 
transmission of a command for requesting for a response 
to the receiving apparatus; an authentication control step 
of controlling authentication of the receiving apparatus 
in accordance with an expected value generated based 
upon the shared data and the authentication data gen- 
erated at the receiving apparatus; a measurement control 
step of controlling measurement a response time taken 
by the receiving apparatus to respond to the command; 
and a judgment control step of controlling judgment 
whether data transmission to the receiving apparatus is 
granted or not, in accordance with an authentication re- 
sult by the authentication control step and the response 
time measured by the measurement control step. 
[0014] In the first information processing apparatus 
and method of the present invention, and program of the 
present invention, after the authentication data is gener- 
ated in accordance with the shared data shared with the 
receiving apparatus, the command for requesting for the 
response is transmitted to the receiving apparatus, the 
receiving apparatus is authenticated in accordance with 
the expected value generated based upon the shared 
data and the authentication data generated at the receiv- 
ing apparatus, the response time taken by the receiving 
apparatus to respond to the command is measured, and 
whether data transmission to the receiving apparatus is 
granted or not is judged in accordance with the authen- 
tication result and the response time. 
[0015] A second information processing apparatus of 
the present invention capable of communicating with a 
transmitting apparatus which judges whether data trans- 
mission is granted or not, in accordance with an authen- 
tication result based on authentication data generated 
from shared data shared with the transmitting apparatus 
and a response time to a predetermined command from 
the transmitting apparatus, is characterized by having: 
authentication data generation means for generating the 
authentication data by subjecting the shared data to a 
predetermined process, before the command is trans- 
mitted from the transmitting apparatus; response mes- 
sage generation means for generating a response mes- 
sage to the command before the command is transmitted 
from the transmitting apparatus, the response message 
including the authentication data generated by the au- 
thentication data generation means; and transmission 
means for transmitting the response message to the 
transmitting apparatus when the command transmitted 
from the transmitting apparatus is received. 
[0016] The shared data may be a quasi random 



number, the quasi random number may be transmitted 
from the transmitting apparatus before the command is 
transmitted, the authentication data generation means 
may subject the quasi random number to a Keyed-Hash 
s process and a resultant Hash value may be used as the 
authentication data. 

[0017] The authentication data generation means may 
execute a Keyed-Hash process relative to the quasi ran- 
dom number and information specific to the information 
io processing apparatus and may use a resultant Hash val- 
ue as the authentication data. 

[0018] If the command is transmitted from the trans- 
mitting apparatus a maximum of N times to judge whether 
data transmission is granted or not, the authentication 
is data generation means may execute the process relative 
to the shared data before a first one of the command is 
transmitted from the transmitting apparatus and gener- 
ates N sets of the authentication data corresponding to 
N sets of the command to be transmitted. 
[0019] The transmission means may transmit the re- 
sponse message generated by the response message 
generation means to the transmitting apparatus in such 
a manner that N sets of the authentication data are sup- 
plied to the transmitting apparatus in a sequence agreed 
beforehand with the transmitting apparatus. 
[0020] The authentication data generation means may 
divide the data obtained by subjecting the shared data 
to the process into a plurality of data pieces and may 
generate N sets of the authentication data from the di- 
vides data. 

[0021] The authentication data generation means may 
generate N sets of the authentication data from data ob- 
tained at each process of repetitively executing the proc- 
ess relative to the shared data. 

[0022] When the command from the transmitting ap- 
paratus is received, the transmission means may trans- 
mit a response message to the transmitting apparatus, 
the response message containing new authentication 
data generated from the authentication data and infor- 
mation contained in the command. 
[0023] A second information processing method of the 
present invention is characterized by having: an authen- 
tication data generation step of generating the authenti- 
cation data by subjecting the shared data to a predeter- 
mined process, before the command is transmitted from 
the transmitting apparatus; a response message gener- 
ation step of generating a response message to the com- 
mand before the command is transmitted from the trans- 
mitting apparatus, the response message including the 
authentication data generated by a process at the au- 
thentication data generation step; and a transmission 
step of transmitting the response message to the trans- 
mitting apparatus when the command transmitted from 
the transmitting apparatus is received. 
[0024] A program of a second recording medium of the 
present invention is characterized by having: an authen- 
tication data generation control step of controlling gen- 
eration of the authentication data by subjecting the 
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shared data to a predetermined process, before the com- 
mand is transmitted from the transmitting apparatus; a 
response message generation control step of controlling 
generation of a response message to the command be- 
fore the command is transmitted from the transmitting 
apparatus, the response message including the authen- 
tication data generated by a process at the authentication 
data generation step; and a transmission control step of 
controlling transmission of the response message to the 
transmitting apparatus when the command transmitted 
from the transmitting apparatus is received. 
[0025] A second program of the present invention is 
characterized by having: an authentication data genera- 
tion control step of controlling generation of the authen- 
tication data by subjecting the shared data to a predeter- 
mined process, before the command is transmitted from 
the transmitting apparatus; a response message gener- 
ation control step of controlling generation of a response 
message to the command before the command is trans- 
mitted from the transmitting apparatus, the response 
message including the authentication data generated by 
a process at the authentication data generation step; and 
a transmission control step of controlling transmission of 
the response message to the transmitting apparatus 
when the command transmitted from the transmitting ap- 
paratus is received. 

[0026] In the second information processing apparatus 
and method of the present invention, and program of the 
present invention, the authentication data is generated 
by executing the predetermined process relative to the 
shared data before the command is transmitted from the 
transmitting apparatus, the response message to the 
command is generated before the command is transmit- 
ted from the transmitting apparatus, the response mes- 
sage including the generated authentication data, and 
the response message is transmitted to the transmitting 
apparatus when the command transmitted from the 
transmitting apparatus is received. 
[0027] A third information processing apparatus of the 
present invention is characterized by having: authentica- 
tion data generation means for generating command au- 
thentication data and response expected value data from 
shared data shared with a receiving apparatus; com- 
mand transmission means for transmitting a command 
for requesting for a response to the receiving apparatus, 
the command containing the command authentication 
data; response reception means for receiving a response 
to the command from the receiving apparatus; authenti- 
cation means for authenticating the receiving apparatus 
in accordance with the response expected value and the 
response authentication data contained in the response 
received from the receiving apparatus; measurement 
means. for measuring a response time taken by the re- 
ceiving apparatus to respond to the command; and judg- 
ment means forjudging whether data transmission to the 
receiving apparatus is granted or not, in accordance with 
an authentication result by the authentication means and 
the response time measured by the measurement 



means. 

[0028] The command transmission means may trans- 
mit the command a maximum of k times to judge whether 
data transmission is granted or not, and the authentica- 

s tion means may authenticate the receiving apparatus in 
accordance with the authentication data corresponding 
to a transmission sequence of the command and a cor- 
responding one of the expected value. 
[0029] A third information processing method of the 

io present invention is characterized by having: an authen- 
tication data generation step of generating command au- 
thentication data and response expected value data from 
shared data shared with a receiving apparatus; a com- 
mand transmission step of transmitting a command for 

is requesting for a response to the receiving apparatus, the 
command containing the command authentication data; 
a response reception step of receiving a response to the 
command from the receiving apparatus; an authentica- 
tion step of authenticating the receiving apparatus in ac- 

20 cordance with the response expected value and the re- 
sponse authentication data contained in the response 
received from the receiving apparatus; a measurement 
step of measuring a response time taken by the receiving 
apparatus to respond to the command; and a judgment 

25 stepof judging whether data transmission to the receiving 
apparatus is granted or not, in accordance with an au- 
thentication result by the authentication step and the re- 
sponse time measured by the measurement step. 
[0030] A program of a third recording medium of the 

30 present invention is characterized by having: an authen- 
tication data generation step of generating command au- 
thentication data and response expected value data from 
shared data shared with a receiving apparatus; a com- 
mand transmission step of transmitting a command for 

35 requesting for a response to the receiving apparatus, the 
command containing the command authentication data; 
a response reception step of receiving a response to the 
command from the receiving apparatus; an authentica- 
tion step of authenticating the receiving apparatus in ac- 

<o cordance with the response expected value and the re- 
sponse authentication data contained in the response 
received from the receiving apparatus; a measurement 
step of measuring a response time taken by the receiving 
apparatus to respond to the command; and a judgment 

45 step of j udging wh ether data transmission to the receivin g 
apparatus is granted or not, in accordance with an au- 
thentication result by the authentication step and the re- 
sponse time measured by the measurement step. 
[0031] A third program of the present invention makes 

so a computer execute a process, the process characterized 
by having: an authentication data generation step of gen- 
erating command authentication data and response ex- 
pected value data from shared data shared with a receiv- 
ing apparatus; a command transmission step of trans- 

55 mitting a command for requesting for a response to the 
receiving apparatus, the command containing the com- 
mand authentication data; a response reception step of 
receiving a response to the command from the receiving 
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apparatus; an authentication step of authenticating the 
receiving apparatus in accordance with the response ex- 
pected value and the response authentication data con- 
tained in the response received from the receiving appa- 
ratus; a measurement step of measuring a response time 
taken by the receiving apparatus to respond to the com- 
mand; and a judgment step of judging whether data trans- 
mission to the receiving apparatus is granted or not, in 
accordance with an authentication result by the authen- 
tication step and the response time measured by the 
measurement step. 

[0032] In the third information processing apparatus 
and method of the present invention, and program of the 
present invention, the command authentication data and 
expected value data are generated from the data shared 
with the receiving apparatus, the command requesting 
forthe response is transmitted to the receiving apparatus, 
the command including the command authentication da- 
ta, the response to the command from the receiving ap- 
paratus is received, the receiving apparatus is authenti- 
cated in accordance with the response expected value 
and the response authentication data contained in the 
response received from the receiving apparatus, the re- 
sponse time taken by the receiving apparatus to respond 
to the command is measured, and it is judged whether 
the data transmission to the receiving apparatus is grant- 
ed or not, in accordance with the authentication result 
and response time. 

[0033] A fourth information processing apparatus of 
the present invention is characterized by having: gener- 
ation means for generating, from shared data shared with 
the transmitting apparatus, command expected value da- 
ta and response authentication data respectively corre- 
sponding to authentication data of the command gener- 
ated at the transmitting apparatus from the shared data; 
authentication means for authenticating the transmitting 
apparatus in accordance with authentication data of the 
command contained in the command and the command 
expected value data generated by the generation means, 
when the command transmitted from the transmitting ap- 
paratus is received; and transmission means for trans- 
mitting a response containing the response authentica- 
tion data to the transmitting apparatus, in accordance 
with an authentication result by the authentication 
means. 

[0034] A fourth information processing method of the 
present invention is characterized by having: a genera- 
tion step of generating, from shared data shared with the 
transmitting apparatus, command expected value data 
and response authentication data respectively corre- 
sponding to authentication data of the command gener- 
ated at the transmitting apparatus from the shared data; 
an authentication step of authenticating the transmitting 
apparatus in accordance with authentication data of the 
command contained in the command and the command 
expected value data generated by a process of the gen- 
eration step, when the command transmitted from the 
transmitting apparatus is received; and a transmission 



step of transmitting a response containing the response 
authentication data to the transmitting apparatus, in ac- 
cordance with an authentication result by a process of 
the authentication step. 
5 [0035] A program of a fourth recording medium of the 
present invention is characterized by having: a genera- 
tion step of generating, from shared data shared with the 
transmitting apparatus, command expected value data 
and response authentication data respectively corre- 
'0 sponding to authentication data of the command gener- 
ated at the transmitting apparatus from the shared data; 
an authentication step of authenticating the transmitting 
apparatus in accordance with authentication data of the 
command contained in the command and the command 
is expected value data generated by a process of the gen- 
eration step, when the command transmitted from the 
transmitting apparatus is received; and a transmission 
step of transmitting a response containing the response 
authentication data to the transmitting apparatus, in ac- 
cordance with an authentication result by a process of 
the authentication step. 

[0036] A forth program of the present invention makes 
a computer execute a process, the process characterized 
by having: a generation step of generating, from shared 
data shared with the transmitting apparatus, command 
expected value data and response authentication data 
respectively corresponding to authentication data of the 
command generated at the transmitting apparatus from 
the shared data; an authentication step of authenticating 
the transmitting apparatus in accordance with authenti- 
cation data of the command contained in the command 
and the command expected value data generated by a 
process of the generation step, when the command 
transmitted from the transmitting apparatus is received; 
and a transmission step of transmitting a response con- 
taining the response authentication data to the transmit- 
ting apparatus, in accordance with an authentication re- 
sult by a process of the authentication step. 
[0037] In the fourth information processing apparatus 
and method of the present invention, and program of the 
present invention, from the shared data shared with the 
transmitting apparatus, the command expected value da- 
ta and response authentication data respectively corre- 
sponding to the authentication data of the command gen- 
erated at the transmitting apparatus from the shared data 
are generated, the transmitting apparatus is authenticat- 
ed in accordance with the command authentication data 
contained in the command and the generated command 
expected value data when the command transmitted 
from the transmitting apparatus is received, and the re- 
sponse containing the response authentication data is 
transmitted to the transmitting apparatus in accordance 
with the authentication result. 
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FIG. 1 is a diagram showing an application example 
of an information communication system adopting 
the present invention. 

Fig. 2 is a block diagram showing an example of the 
structure of a terminal shown in Fig. 1 . 
Fig. 3 is a block diagram showing an example of the 
structure of a transmission grant judgment unit 
shown in Fig. 2. 

Fig. 4 is a block diagram showing an example of the 
structure of a response control unit shown in Fig. 2. 
Fig. 5 is a flow chart illustrating a transmission grant 
judgment process and 8 response process. 
Fig. 6 is a diagram illustrating a method of generating 
an expected value and authentication data. 
Fig. 7 is a diagram illustrating another method of gen- 
erating an expected value and authentication data. 
Fig. 8 is a diagram illustrating the operation of the 
terminal shown in Fig. 1 . 

Fig. 9 is a block diagram showing another example 
of the structure of the transmission grant judgment 
unit shown in Fig. 2. 

Fig. 1 0 is a block diagram showing another example 
of the structure of the response control unit shown 
in Fig. 2. 

Fig. 1 1 is a flow chart illustrating another transmis- 
sion grant judgment process. 
Fig. 12 is a flow chart illustrating another response 
process: 

Fig. 13 is another diagram illustrating the operation 

of the terminal shown in Fig. 1 . 

Fig. 14 is another diagram illustrating the operation 

of the terminal shown in Fig. 1 . 

Fig. 15 is another diagram illustrating the operation 

of the terminal shown in Fig. 1 . 

Fig. 1 6 is a block diagram showing an example of 

the structure of a personal computer. 

Best Modes for Carrying Out the Invention 

[0039] Fig. 1 shows an example of the structure of an 
information communication system constituted of termi- 
nals 1 1 , adopting the present invention. 
[0040] Lans 1 -1 and 1 -2 (if it is not necessary to dis- 
criminate between Lans, simply called LAN 1 . This is also 
applied to other cases) are mutually connected via a 
WAN 2. 

[0041] LAN 1-1 is installed, for example, in a house 
and has an approximate size allowing particular individ- 
uals (orfamily) to use it. To this end, LAN 1 -1 is connected 
to the terminals 1 1 -1 and 1 1 -2 such as personal comput- 
ers and AV apparatuses via switching hubs (not shown). 
Connection between LAN 1 -1 and the terminals 1 1 -1 and 
11-2 is established by a high speed interface such as 
Ethernet (registered trademark) (100BASE-TX). The ter- 
minals 11-1 and 11-2 can be connected to LAN 1-2 via 
WAN 2. 

[0042] LAN 1-2 is configured in a manner similar to 
LAN 1 -1 and a terminal 1 1 -3 is connected thereto. 



[0043] Each terminal 1 1 is an authorized apparatus 
registered in this information communication system, and 
as shown in Fig. 2, is constituted of a transmission grant 
judgment unit 21 , a response control unit 22, a commu- 
5 nication unit 23 and a transmission data storage unit 24. 
[0044] When predetermined data is transmitted to an- 
other terminal 1 1 (terminal 1 1 on a reception side), the 
transmission grant judgment unit 21 communicates with 
the reception side terminal 1 1 (more correctly, the recep- 
io tion side respond control unit 22) via the communication 
unit 23 in a manner to be described later, authenticates 
whether the reception side terminal 11 is an authorized 
apparatus of the information communication system, and 
measures a response time of the reception side terminal 
is 1 1 to a predetermined request, as a communication time 
with the reception side terminal 1 1 . 
[0045] In accordance with a communication distance 
judgment result based on the authentication result and 
response time of the reception side terminal 1 1 , the trans- 
mission grant judgment unit 21 judges whether data 
transmission to the reception side terminal 1 1 is granted 
or not 

[0046] For example, if the reception terminal 1 1 is con- 
nected to LAN 1 different from LAN 1 of the transmission 
side terminal 11 (a so-called long communication dis- 
tance case through connection via WAN 2), a response 
time becomes longer than if the reception terminal 1 1 is 
connected to the same LAN 1 (a short communication 
distance). Therefore, for example, if the communication 
is restricted in the same LAN 1 , the transmission grant 
judgment unit 21 judges from the measured response 
time whether the reception side terminal 1 1 is connected 
to the same LAN 1 as that of the transmission side ter- 
minal 1 1 , and judges, from this judgment result and the 
authentication result of the reception side terminal 1 1 , 
whether data transmission can be granted. 
[0047] More specifically, in the example shown in Fig. 
1, when the terminal 11-1 (on the transmission side) 
transmits data to the terminal 1 1 -2 (on the reception side), 
the transmission grant judgment unit 21 of the terminal 
11-1 judges from the measured response time of the ter- 
minal 11-2 that the terminal 11-2 is connected to LAN 
1 -1 to execute data transmission. On the other hand, 
when the terminal 11-1 transmits data to the terminal 
1 1-3, the transmission grant judgment unit 21 of the ter- 
minal 1 1 -1 judges from the measured response time of 
the terminal 1 1 -3 that the terminal 1 1 -3 is connected to 
LAN (LAN 1 -2) different from LAN 1 -1 not to execute data 
transmission. 

[0046] This communication control by a communica- 
tion distance is applicable to content distribution busi- 
nesses, for example, the content of movie or the like is 
distributed first to a predetermined district, and on later 
days to another district. 

[0049] Revertingto Fig. 2, when the predetermined da- 
ta is received from the transmission side terminal 1 1 , the 
response control unit 22 communicates with the trans- 
mission side terminal 1 1 (more correctly, the transmis- 
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sion side transmission grant judgment unit 21) in a man- 
ner to be described later, and transmits to the transmis- 
sion side terminal information necessary for the authen- 
tication at the transmission side terminal 1 1 and for prop- 
er response time measurement, respectively via the com- 
munication unit 23. 

[0050] The communication unit 23 is connected to LAN 
1 and communicates with the terminal 11 in the same 
LAN 1 or the terminal 1 1 connected to a different LAN 1 
via WAN 2. 

[0051] The transmission data storage unit 24 stores 
predetermined data to be transmitted to the reception 
side terminal 1 1 . 

[0052] Fig. 3 shows an example of the structure of the 
transmission grant judgment unit 21 of the terminal 1 1 . 
[0053] A random challenge generation unit 31 gener- 
ates a quasi random number (hereinafter called a random 
challenge) having a predetermined number of bits, and 
supplies it to a random challenge transmission control 
unit 32 and an expected value generation unit 33. 
[0054] The random challenge transmission control unit 
32 transmits the random challenge supplied from the ran- 
dom challenge generation unit 31 , to the reception ter- 
minal 1 1 viathe communication unit 23. The random chal- 
lenge transmission control unit 32 also receives a mes- 
sage (hereinafter called an RC reception message) to 
the effect that the random challenge is received, the RC 
reception message being transmitted from the reception 
side terminal 1 1 , and notifies a command transmission 
control unit 34 of the reception of the RC reception mes- 
sage, respectively via the communication unit 23. 
[0055] An expected value generation unit 33 makes 
the random challenge supplied from the random chal- 
lenge generation unit 31 be subjected to, for example, a 
Hash process (so-called Keyed-Hash process) based on 
an HMAC algorithm (Keyed Hashing for Message Au- 
thentication, IETF RFC 21 04) using a secret key shared 
with the reception side terminal 1 1 , generates an expect- 
ed value of authentication data to be generated from the 
random challenge by the reception side terminal 1 1 , and 
supplies it to a judgment unit 35. The expected value 
generation unit 33 may generate an expected value by 
executing the Keyed-Hash process relative to the ran- 
dom challenge information coupled to information (e.g., 
apparatus ID) which is specific to the terminal 11 and 
preset to the terminal 1 1 . 

[0056] The secret key used by the Hash process is 
distributed to each authorized apparatus of the informa- 
tion communication system at a predetermined timing in 
secret. 

[0057] When the reception of the RC reception mes- 
sage is notified from the random transmission control unit 
32, the command transmission control unit 34 transmits 
a command requesting for a response (hereinafter called 
a response request command) to the reception side ter- 
minal 1 1 via the communication unit 23, in accordance 
with an instruction from a judgment unit 35. 
[0058] The command transmission control unit 34 re- 



ceives a message (hereinafter called a response mes- 
sage) transmitted from the reception side terminal 1 1 as 
a response to the transmitted response request com- 
mand, and supplies it to the judgment unit 35, respec- 
5 tively via the communication unit 23. The response mes- 
sage has built-in authentication data generated from the 
random challenge transmitted from the random chal- 
lenge transmission control unit 32. 
[0059] After the response request command is trans- 
mitted, the command transmission control unit 34 con- 
trols a response time measurement unit 36 to start meas- 
uring a response time, and to terminate measuring the 
response time when the response message as a re- 
sponse to the response request command is received. 
[0060] In accordance with the authentication data built 
in the response message from the command transmis- 
sion control unit 34 and the expected value of the au- 
thentication data generated by the expected value gen- 
eration unit 33, the judgment unit 35 authenticates wheth- 
er the reception side terminal 11 is an authorized appa- 
ratus of the information communication system. The 
judgment unit 35 also judges whether the response time 
measured by the response time measurement unit 36 is 
longer than a predetermined time TL and judges the com- 
munication distance (judges whether the reception side 
terminal is connected to the same LAN 1 as that of the 
transmission side terminal 11) 

[0061] In accordance with the authentication result of 
the reception side terminal 1 1 and the judgment result of 
the communication distance, the judgment unit 35 judges 
whether data transmission is granted or not. In accord- 
ance with this judgment, the judgment unit 35 controls 
the communication unit 23 to transmit the data stored in 
the transmission data storage unit 24 to the reception 
side terminal 1 1 . 

[0062] In accordance with an instruction from the com- 
mand transmission control unit 34, the response time 
measurement unit 36 activates a built-in timerto measure 
the response time of the reception side terminal 1 1 . 
[0063] Rg. 4 shows an example of the structure of the 
response control unit 22 of the terminal 1 1 . 
[0064] A random challenge reception control unit 41 
receives via the communication unit 23 the random chal- 
lenge transmitted from the transmission side terminal 1 1 
(more correctly, the transmission side transmission grant 
judgment unit 21) and supplies it to the authentication 
data generation unit 42). The random challenge recep- 
tion control unit 41 also transmits via the communication 
unit 23 the RC reception message (message to the effect 
that the random challenge is received) to the transmis- 
sion side terminal 1 1 , and notifies a reception message 
transmission control unit 44 of the transmission of the 
RC reception massage. 

[0065] An authentication data generation unit 42 
makes the random challenge supplied from the random 
challenge reception control unit 41 be subjected to a 
Keyed-Hash process in a manner similar to the case of 
the transmission side terminal 1 1 (the expected value 
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generation unit 33 of the transmission grant judgment 
unit 21) to generate authentication data which the third 
party cannot be estimated, and supply it to a response 
message generation unit 43. 

[0066] Under the control of the response message 
transmission control unit 44, the response message gen- 
eration unit 43 generates the response message assem- 
bled with the authentication data supplied from the au- 
thentication data generation unit 42, and supplies it to 
the response message transmission control unit 44. 
[0067] The response message transmission control 
unit 44 receives via the communication unit 23 the re- 
sponse request command transmitted from the transmis- 
sion side terminal 1 1 . 

[0068] The response message transmission control 
unit 44 controls the response message generation unit 
43 at the timing before the response request command 
is received (at the timing before the response request 
command is transmitted from the transmission side ter- 
minal 1 1 ) to make it generate the response message 
assembled with the authentication data corresponding 
to the response request command to be received. When 
the response request command is received, the re- 
sponse message is transmitted to the transmission side 
terminal 1 1 via the communication unit 23. 
[0069] Next, with reference to the flow chart of Fig. 5, 
description will be made on the operation of the trans- 
mission grant judgment unit 21 (Pigs. 2 and 3) of the 
terminal 11 executing the transmission grant judgment 
process. 

[0070] At Step S1 the random challenge generation 
unit 31 of the transmission grant judgment unit 21 of the 
terminal 1 1 (transmission side terminal 1 1 ) generates the 
random challenge and supplies it to the random chal- 
lenge transmission control unit 32 and expected value 
generation unit 33. 

[0071] At Step S2, the random challenge transmission 
control unit 32 transmits the supplied random challenge 
to the reception side terminal 1 1 via the communication 
unit 23, and at Step S3, the expected value generation 
unit 33 executes the Keyed-Hash process relative to the 
supplied random challenge to generate the expected val- 
ue of the authentication data to be generated at the re- 
ception side terminal 1 1 . 

[0072] Inthis example, since the transmission side ter- 
minal 1 1 transmits a maximum of N (= 1 , 2,...) response 
request commands in sequence to judge a data trans- 
mission grant, N expected values of the authentication 
data are generated in correspondence to the N response 
request commands to be transmitted. 
[0073] The N expected values can be generated by 
dividing the data obtained as the result of the Keyed- 
Hash process for the random challenge and using the 
divided data sets. In the example shown in Fig. 6, the 
data obtained as the result of the Keyed-Hash process 
for the random challenge is divided into N sets and N 
expected values, from an expected value 1 to an expect- 
ed value N, are obtained. 



[0074] The Keyed-Hash process for the random chal- 
lenge may be executed a plurality of times to generate 
N expected values from the data obtained at each proc- 
ess. In the example shown in Fig. 7, the Keyed-Hash 

5 process for the random challenge is executed N times 
and N data sets obtained at the respective processes are 
used as the expected values. An expected value 1 shown 
in Fig. 7 is obtained as a result of executing once the 
Keyed-Hash process for the random challenge, and an 

io expected value 2 is obtained as a result of the Keyed- 
Hash process for the expected value 1 . 
[0075] Reverting to Fig. 5, at Step S4 the random chal- 
lenge transmission control unit 32 receives via the com- 
munication unit 23 the RC reception message (Step S23) 

*s to the effect that the random challenge transmitted at 
Step S2 from the reception side terminal 11 to be de- 
scribed later is received, and notifies the command trans- 
mission control unit 34 of this reception. At Step S5 the 
command transmission control unit 34 initializes a coun- 

20 ter I to 1 , the counter i indicating the sequence of the 
response request command to be transmitted (transmis- 
sion sequence). 

[0076] Next, at Step S6 the command transmission 
control unit 34 transmits the response request command 

25 to the reception side terminal 1 1 via the communication 
unit 23, and at Step S7 controls the response time meas- 
urement unit 36 to start measuring the response time. 
[0077] At Step S8 the command transmission control 
unit 34 receives via the communication unit 23 the re- 

30 sponse message to the response request command 
transmitted at step S6 from the reception side terminal 
1 1 to be described later, supplies it to the judgment unit 
35, and at Step S9 controls the response time measure- 
ment unit 36 to terminate the measurement of the re- 

35 sponse time. Namely, the time obtained by a measure- 
ment starting at Step S7 and terminating at S9 is the 
response time of the reception side terminal 1 1 . 
[0078] At Step S1 0 the judgment unit 35 judges wheth- 
er the authentication data assembled in the reception 

40 message supplied from the command transmission con- 
trol unit 34 matches with the expected value (specifically, 
the expected value corresponding to the response re- 
quest command transmitted at the sequence indicated 
by the counter i (hereinafter called a response request 

45 command transmitted at the i-th sequence)) of the cor- 
responding authentication data generated by the expect- 
ed value generation unit 33. If it is Judged to match, the 
reception side terminal 1 1 is authenticated as an author- 
ized terminal of the information communication system, 

so to thereafter advance to Step S 1 1 . 

[0079] At Step S 1 1 the judgment unit 35 judges wheth- 
er the response time of the reception side terminal 11, 
measured by the response time measurement unit 3, rel- 
ative to the response request command transmitted at 

55 the i-th sequence, is longer than the predetermined time 
TL. The time TL is, for example, a communication time 
taken to communicate between terminals connected to 
the same LAN 1 . Namely, if the response time is longer 
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than the time TL, it can be judged that the reception side 
terminal 1 1 is connected to LAN 1 different from that of 
the transmission side terminal 11, whereas if the re- 
sponse time is not longer than the time TL (including re- 
sponse time = time TL), it is can be judged that the re- 
ception side terminal 1 1 is not connected to the same 
LAN 1 (the communication distance can be judged). 
[0080] If it is judged at Step S 1 1 that the response 
time is longer than the time TL, the flow advances to Step 
S1 2 whereat the judgment unit 35 notifies the judgment 
result to the command transmission control unit 34 which 
in turn increments the counter i by 1 . 
[0081 ] At Step S1 3 the command transmission control 
unit 34 judges whether the counter i is N + 1 . If it is judged 
that the counter i is not N + 1 , the flow returns to Step S6 
after a lapse of a predetermined time. If it is judged at 
Step S 13 that the counter i is N + 1 (namely, if the re- 
sponse request command was transmitted N times), or 
it is judged at Step S 10 that the reception side terminal 
1 1 is not an authorized apparatus of the information com- 
munication system, then the flow advances to Step S 14 
whereat this effect is notified to the judgment unit 3. Then, 
the judgment unit 35 rejects the data transmission to the 
reception side terminal 1 1 and controls the communica- 
tion unit 23 to reject the transmission of the data stored 
in the transmission data storage unit 24 to the reception 
side terminal 1 1 . 

[0082] If it is judged at Step S11 that the response time 
to the response request command transmitted at the i-th 
sequence is not longer than the time TL, i.e., if the re- 
ception side terminal 1 1 is the authorized apparatus of 
the information communication system and the reception 
side terminal 1 1 is connected to, e.g., the same LAN 1 
as that of the transmission side terminal 1 1 , then the flow 
advances to Step S1 5 whereat the judgment unit 35 con- 
trols the communication unit 23 to transmit the data 
stored in the transmission data storage unit 24 to the 
reception side terminal 1 1 . 

[0083] After whether the data transmission to the re- 
ception side terminal 11 is granted or not is judged at 
Step S 14 or Step S15, the judgment unit 35 transmits 
via the communication unit 23 a message (hereinafter 
called a judgment completion message) to the effect that 
the transmission grant judgment is completed, to the re- 
ception side terminal 1 1 . The transmission grant judg- 
ment process is thereafter terminated. 
[0084] Next, with reference to the flow chart of Rg. 5, 
description will be made on the operation of the response 
control unit 22 (Figs. 2 and 4) of the terminal 1 1 executing 
the response process. 

[0085] At Step S21 the random challenge reception 
control unit 41 of the response control unit 22 of the ter- 
minal 1 1 (the reception side terminal 1) receives via the 
communication unit 23 the random challenge transmitted 
from the transmission destination terminal 1 1 (at Step 
S2), and supplies it to the authentication data generation 
unit 42. At Step S22 the authentication data generation 
unit 42 makes the random challenge supplied from the 



random challenge reception control unit 41 be subjected 
to the Keyed-Hash process similar to the Keyed-Hash 
process (at Step S3) at the transmission grant judgment 
unit 21 (expected value generation unit 33) of the trans- 
5 mission side terminal 1 1 , to generate the authentication 
data and transmit it to the response message generation 
unit 43. 

[0086] In this example, since N response request com- 
mands at a maximum can be received, N authentication 

10 data sets to be compared with the expected values cor- 
responding to the response request commands (Step 
S10) are generated. N authentication data sets are gen- 
erated by a method similar to the expected value gener- 
ation method (Figs. 6 and 7). 

15 [0087] After the authentication data is generated in this 
manner, at Step S23 the random challenge reception 
control unit 41 transmits the RC reception message to 
the transmission side terminal 1 1 via the communication 
unit 23, and notifies this to the response message trans- 

20 mission control unit 44. 

[0088] At Step S24, the response message transmis- 
sion control unit 44 initializes a counter j to 1 , the counter 
j indicating the sequence of the response request com- 
mand to be received, and at Step S25 controls the re- 

25 sponse message generation unit 43 to generate the re- 
sponse message assembled with the authentication data 
corresponding to the response request command to be 
received in the sequence indicated by the counterj (here- 
inafter called a response request command received at 

30 the j-th sequence). 

[0089] Next, at Step S26 the response message trans- 
mission control unit 44 receives via the communication 
unit 23 the response request command transmitted from 
the transmission destination terminal 11 (at Step S6), 

35 and at Step S27 transmits via the communication unit 23 
the response message assembled with the authentica- 
tion data corresponding to the response request com- 
mand received at the j-th sequence to the transmission 
side terminal 1 1 . In this manner, as described earlier, the 

40 transmission side terminal 1 1 compares (at Step S 1 0) 
the authentication data corresponding to the response 
request command received at the j-th sequence (trans- 
mitted at the i-th sequence) with the expected value cor- 
responding to the response request command transmit- 

45 ted at the i-th sequence (received at the j-th sequence). 
[0090] At Step S28 the response message transmis- 
sion control unit 44 of the response control unit 22 of the 
reception side 1 1 judges whether the judgment comple- 
tion message transmitted from the transmission side ter- 

50 minal 1 1 (at Step S16) is received. If it is judged that the 
judgment completion message is not received in a pre- 
determined time, the flow advances to Step S29 whereat 
the response message transmission control unit 44 in- 
crements the counter j by 1 and at Step S30 judges 

55 whether the counter j = N + 1 . 

[0091] If it is judged at Step S30 that the counter j is 
not N + 1 (i.e., if the response request command is not 
received N times), the flow returns to Step S25 to execute 
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Step S25 and succeeding Steps for the response request 
command to be received next 

[0092] If the judgment completion message is received 
at Step S28 or if it is judged at Step S30 that the counter 
j is N + 1 (i.e., if the response request command was 
received N times), then the response control unit 22 ter- 
minates the response process. 

[0093] As described above, the communication dis- 
tance judgment by the response time is executed only 
for the reception side terminal 1 1 authenticated in ac- 
cordance with the authentication data generated from 
the random challenge (at Step S22) and the expected 
value (Step S3) (the process at Step S 11 is skipped if 
the judgment at Step S 1 0 is NO). Therefore, it is possible 
to prevent data from being transmitted to an apparatus 
which performs an identity theft of an authorized appa- 
ratus (data will not be transmitted to the apparatus which 
makes an identity theft of an authorized apparatus, re- 
ceives the response request command and transmits the 
response request message). 

[0094] The transmission side terminal 1 1 may assem- 
ble a newly generated random challenge in the response 
request command and transmit it to the reception side 
terminal 1 1 (Step S6). When the reception side terminal 
1 1 receives the response request command (Step S26), 
the already generated authentication data (Step S22) is 
coupled to the random challenge assembled in the re- 
sponse request command or the logical calculation be- 
tween them is performed, to generate new authentication 
data and return the response message assembled with 
the new authentication data (Step S27). In this case, the 
transmission side terminal 1 1 generates the expected 
value to be compared with the new authentication data 
at Step S10, by coupling the expected value generated 
at Step S3 to the random challenge assembled in the 
response request command orthrough the logical calcu- 
lation therebetween. 

[0095] By generating the authentication data and ex- 
pected value from the random challenge assembled in 
the response request command as described above, the 
reception side terminal 1 1 cannot transmit the response 
massage until the response request command is re- 
ceived from the transmission side terminal 1 1 . It is there- 
fore possible to prevent an illegal act such as transmitting 
the response message before the response request com- 
mand is received, in sequence to shorten the response 
time. 

[0096] Further, since the authentication data and the 
response message assembled with the authentication 
data are generated before the response request com- 
mand is received (Steps S22 and S25), the reception 
side terminal 1 1 can return the response message to the 
transmission side terminal 1 1 immediately after the re- 
sponse request command is received (Step S27). 
[0097] For example, if the authentication data and the 
response request message are generated after the re- 
sponse request command is received, the time required 
for this process is contained in the response time meas- 



ured at the transmission side terminal 1 1 so that the re- 
sponse time as the communication time cannot be meas- 
ured correctly. However, by transmitting the response 
message immediately after the response request com- 

5 mand is received as in this invention, the response time 
as the communication time can be measured correctly. 
[0098] Furthermore, in the above description, although 
the transmission side terminal 1 1 generates the random 
challenge (Step S1) and provides it to the reception side 

10 terminal 1 1 (Step S2), the reception terminal may gen- 
erate the random challenge and provide it to the trans- 
mission side 1 1 . 

[0099] Also in the above description, although the se- 
cret key is shared by the transmission side terminal 1 1 
is and the reception side terminal 1 1, if the secret key is 
not to be shared, it can be shared by using a Diffie-Hell- 
man key exchange algorithm or the like. In this case, 
whether the partner with whom the key was exchanged 
can be confirmed based upon the certificate that the re- 
sponse time of the partner is measured, or the like. After 
the key exchange, the key itself acquired through the key 
exchange may be used as the authentication data and 
expected value, or the Keyed-Hash process is executed 
relative to a random number by using the exchanged key, 
as described previously, to obtain the authentication data 
and expected value. 

[01 00] In the above description, the reception side ter- 
minal 1 1 is authenticated (Step S1 0) based upon the au- 
thentication data of the response generated at the recep- 
tion side terminal 1 1 (hereinafter called authentication 
data RR) (Step S22) and the expected value for the re- 
sponse generated at the transmission side terminal 1 1 
(hereinafter called an expected value QR) (Step S3). The 
reception side terminal 1 1 may authenticate the trans- 
mission side terminal 1 1 in accordance with authentica- 
tion data for the response request command from the 
transmission side terminal 1 1 (hereinafter called authen- 
tication data RS) and its expected value (hereinafter 
called an expected value QS). 

[0101] In the example shown in Fig. 5, since the re- 
ception side terminal 1 1 returns the response message 
(Step S27) immediately after the response request com- 
mand is received (S27), for example, as shown in Fig. 8 
a third apparatus x is inserted into the same LAN 1 as 
that of the transmission side terminal 1 1 (transmitter), 
the apparatus x first sends the response request com- 
mand to a receiving apparatus (S1 1 1) to acquire the re- 
sponse message from the receiving apparatus (S 1 12), 
and when the response request command incomes from 
the transmitter (S121), the acquired response message 
is returned (S122). In this manner, the apparatus x can 
become an authorized apparatus through identity theft. 
[01 02] The illegal act of this type can be prevented by 
making also the reception side terminal 1 1 authenticate 
the transmission side terminal 1 1 when the response 
message is returned (it is possible to prevent the re- 
sponse message from being returned to the unauthorized 
apparatus). 
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[01 03] Fig. 9 shows an example of the structure of the 
transmission grant judgment unit 21 and Fig. 10 shows 
an example of the structure of the response control unit 
22, respectively for when the reception terminal 1 1 au- 
thenticates the transmission terminal 1 1 . 
[0104] Similar to the random challenge generation unit 
31 shown in Fig. 3, a random challenge generation unit 
51 of the transmission grant judgment unit 21 generates 
a quasi random number having a predetermined number 
of bits, as the random challenge RC, and supplies it to 
an expected value generation unit 52 and an authentica- 
tion data generation unit 53. 

[0105] An expected value generation unit 52 makes 
the random challenge supplied from the random chal- 
lenge generation unit 51 be subjected to, for example, a 
Keyed-Hash process similar to the case of a reception 
side terminal 1 1 (authentication data generation unit 73), 
by using the secret key shared with the reception terminal 
1 1 , generates the expected value QR for the authentica- 
tion data RR of the reception side terminal 1 1 (the ex- 
pected value QR having the same value as the corre- 
sponding authentication data RR), and supplies it to a 
response authentication unit 57. 

[0106] The authentication data generation unit 53 
makes the random challenge RC supplied from the ran- 
dom challenge generation unit 51 be subjected to the 
Keyed-Hash process using the secret key shared by the 
reception side terminal 1 1 , generates the authentication 
data RS for the command which cannot be estimated by 
the third party, and supplies itto a response request com- 
mand transmission unit 55. 

[01 07] A command transmission control unit 54 trans- 
mits a control command CC such as a start command to 
the reception side terminal 1 1 , and receives a response 
message CCR to the control command CC transmitted 
from the reception side terminal 1 1 . 
[0108] A response request command transmission 
unit 55 transmits a response request command MC con- 
taining the authentication data RS generated by the au- 
thentication data generation unit 53, to the reception side 
terminal 1 1 via the communication unit 23. 
[0109] A response reception unit 56 receives via the 
communication unit 23 a response message MCR trans- 
mitted from the reception side terminal 1 1 , as a response 
to the transmitted response request command MC, and 
supplies the authentication data RR for the response as- 
sembled in the response message, to a response au- 
thentication unit 57. 

[01 10] In accordance with the authentication data RR 
for the response from the response reception unit 56 and 
the expected value QR for the authentication data RR 
generated by the expected value generation unit 52, the 
response authentication unit 57 authenticates whether 
the reception side terminal 1 1 is an authorized apparatus 
of the information communication system, and notifies 
the authentication result to a control judgment unit 58. 
[0111] The control judgment unit 58 judges whether a 
response time RTT, measured by a response time meas- 



urement unit 59, of the reception side terminal 1 1 relative 
to the response request command MC, is longer than a 
predetermined time TL to thereby judge a communication 
distance (judge whether the reception side terminal is 
s connected to the same LAN 1 as that of the transmission 
side terminal 11). 

[0112] In accordance with the authentication result of 
the reception side terminal 1 1 and the judgment result of 
the communication distance, the control judgment unit 

w 58 judges whether data transmission to the reception 
side terminal 1 1 is granted or not. In accordance with this 
judgment, the control judgment unit 58 controls the com- 
munication unit 23 to transmit the data stored in the trans- 
mission data storage unit 24 to the reception terminal 1 1 . 

'5 [0113] in response to the notices from the response 
request command transmission unit 55 and response re- 
ception unit 56, the response time measurement unit 59 
measures the response time RTT of the reception side 
terminal 11. 

20 [0114] Next, the structure (Fig. 10) of the response 
control unit 22 will be described. 

[01 15] A control response communication control unit 
71 receives the control command CC transmitted from 
the transmission terminal 1 1 and transmits the response 
25 message CCR to the control command CC to the trans- 
mission side terminal 1 1 , respectively via the communi- 
cation unit 23. 

[0116] An expected value generation unit 72 makes 
the random challenge RC contained in the control corn- 
so mand and received at the control response communica- 
tion control unit 71 be subjected to a Keyed- Hash process 
similar to the case of the transmission side terminal 1 1 
(authentication data generation unit 53), by using the se- 
cret key shared with the transmission terminal 1 1 , gen- 
35 erates the expected value QS for the command authen- 
tication data RS of the transmission side terminal 1 1 (the 
expected value QS having the same value as the corre- 
sponding authentication data RS), and supplies it to a 
command authentication unit 76. 
w [0117] An authentication data generation unit 73 
makes the random challenge RC contained in the control 
command CC received at the control response commu- 
nication control unit 71 be subjected to the Keyed-Hash 
process using the secret key shared by the transmission 
<5 side terminal 11, generates the authentication data RR 
for the response not estimated by the third party, and 
supplies itto a response transmission unit 74. 
[0118] In accordance with the authentication result of 
the command authentication unit 76, the response trans- 
50 mission unit 74 transmits the response message MCR 
to the response request command MC from the trans- 
mission side terminal 1 1 containing the authentication 
data RRforthe response generated by the authentication 
data generation unit, to the transmission side terminal 1 1 
55 via the communication unit 23. 

[01 19] A response request command reception unit 75 
receives via the communication unit 23 the response re- 
quest command MC transmitted from the transmission 



11 



21 



EP 1 650 671 A1 



22 



side terminal 1 1 , and supplies the authentication data 
RS assembled in the command to a command authenti- 
cation unit 76. 

[0120] In accordance with the command authentica- 
tion data from the response request command reception 
unit 75 and the expected value QS for the authentication 
data RS generated by the expected value generation unit 
72, the command authentication unit 76 authenticates 
whether the transmission terminal 11 is an authorized 
apparatus of the information communication system, and 
notifies the authentication result to the response trans- 
mission unit 74. 

[0121] Next, the operation of the transmission grant 
judgment unit shown in Fig. 9 will be described with ref- 
erence to the flow chart shown in Fig. 1 1 . 
[01 22] At Step S51 the control command communica- 
tion control unit 54 of the transmission grant judgment 
unit 21 of the terminal 1 1 establishes a TCP connection 
with a reception side apparatus. It is assumed that the 
port number for the TCP connection is agreed before- 
hand between the transmission side terminal 1 1 and re- 
ception side apparatus. This step may be omitted if the 
TCP connection has already been established between 
the transmission side apparatus 1 1 and reception side 
apparatus. 

[0123] The control command communication control 
unit 54 transmits a start command (control command CC) 
to the effect that the response time RTT measurement 
starts, to the reception side apparatus via the established 
TCP connection. This start command CC contains a ses- 
sion number SID, the random challenge RC and the 
number of retry times (measurement times) ks of meas- 
urement of the response time during one session exe- 
cutable by the transmission side terminal 1 1 . 
[0124] The session number SID is the number as- 
signed to each of a series of authentication processes 
(one session) to be executed thereafter for the reception 
side apparatus. This number is shared by both the trans- 
mission and reception sides so that the authentication 
processes can be discriminated between respective ses- 
sions. 

[0125] Communications of data (e.g., the response re- 
quest command MC and its response message MCR) 
necessary for the measurement of the response time 
RTT are performed by UDP which does not resend pack- 
ets. Therefore, depending upon the communication con- 
ditions, the response time measurement is not performed 
properly because of data loss during communications or 
other reasons. Packet transmission may be delayed by 
the influence of other communications on the network. 
From this reason, the response time RTT measurement 
is made to be retried (re-executed) several times. Since 
the numbers of retry times become different at the trans- 
mission side apparatus and reception side apparatus by 
their settings, in this example, the number of retry times 
(e.g., maximum number of retry times) of the transmis- 
sion side apparatus is notified to the reception side ap- 
paratus. 



[0126] Next, at Step S52 the control command com- 
munication control unit 54 receives the response mes- 
sage CCR to the start command CC from the reception 
side apparatus. 
5 [0127] This response message CCR contains, in ad- 
dition to the session number SID contained in the start 
command CC, the number of retry times k for the re- 
sponse time RTT measurement determined by the re- 
ception side, and a UDP port number pb for receiving the 
io response request command MC. Namely, with this ex- 
change of the start command CC and its response mes- 
sage CCR, the transmission side terminal 1 and recep- 
tion side apparatus agree the number of retry times 
(measurement times) k for the response time RTTmeas- 
'5 urement, the session number SID and the UDP port 
number pb for an exchange of the response request com- 
mand MC and its response message MCR. 
[0128] The reception side apparatus determines, as 
the number of retry times k for the current response time 
RTT measurement, a smaller one of the number of retry 
times ks for the response time RTT measurement exe- 
cutable at the transmission side terminal TR and notified 
by the start command CC and the number of retry times 
for the response time RTT measurement executable at 
the reception side, and notifies it to the transmission side 
apparatus by using the response message CCR. 
[0129] At Step S53the expected value generation unit 
52 makes the random challenge RC generated by the 
random challenge generation unit 51 be subjected to the 
Keyed-Hash process similar to the Keyed-Hash at the 
response control unit 22 (authentication data generation 
unit 73) of the reception side terminal 1 1 , and generates 
the expected value QR for the authentication data RR of 
the reception side apparatus. 

[0130] In this example, since the response time RTT 
measurement is performed a maximum of k times (since 
the response message MCR to the response request 
command MC is received a maximum of k times), the 
expected value QR is generated for each of the authen- 
tication data RR contained in the received k request com- 
mand messages MCR at a maximum. 
[0131] The authentication data generation unit 53 
makes the random challenge RC generated by the ran- 
dom challenge generation unit 51 be subjected to the 
Keyed-Hash process, and generates the command au- 
thentication data RS. 

[0132] In this example, since the response time RTT 
measurement Is performed a maximum of k times (since 
the response request command MC is transmitted a max- 
imum of k times), the authentication data RS is generated 
for each of the transmitted k response request com- 
mands MC at a maximum. 

[01 33] At Step S54 a counter i built in the control judg- 
ment unit 58 is initialized to 1 . At this time, the expected 
value generation unit 52 supplies the response authen- 
tication unit 57 with the expected value QR (e.g., an ex- 
pected value QRl generated at the i-th sequence) corre- 
sponding to the value of the counter i. The authentication 
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data generation unit 53 also supplies the authentication 
data RSI corresponding to the value of the counter i to 
the response request command transmission unit 55. 
[0134] At Step S55 the response request command 
transmission unit 55 transmits the response request com- 
mand MC to the reception side apparatus through UDP 
communications at the UDP port number pb contained 
in the response CCR to the control command CC, the 
response request command MC containing the session 
number SID, and the authentication data RSi (authenti- 
cation data RSi corresponding to the value of the counter 
i among k authentication data sets RS) supplied from the 
authentication data generation unit 53. 
[0135] When the response request command trans- 
mission unit 55 transmits the response request command 
MC, it notifies this to the response time measurement 
unit 59. In response to this, the response time measure- 
ment unit 59 starts measuring the response time. 
[0136] At Step S56 the response reception unit 56 
judges whether the response message MCR is received 
from the reception side apparatus. If it is judged that the 
response message is not received, the flow advances to 
Step S57 whereat it is judged whether the response is 
waited for a predetermined time or longer (it is judged 
whether a predetermined time has lapsed after the re- 
sponse time RTT measurement starts at Step S55). 
[0137] If it is judged at Step S57 that the predetermined 
time is not still lapsed, the flow returns to Step S56 to 
execute Step S56 and succeeding Steps. On the other 
hand, if it is judged at Step S57 that the predetermined 
time has lapsed, the flow advances to Step S62 whereat 
it is judged whether the value of the counter i is smaller 
than the number of retry times k (it is judged whether the 
response time RTT measurement is performed k times). 
If it is judged smaller (the measurement is not performed 
k times), the flow advances to Step S63 whereat the value 
of the counter i is incremented by 1 to thereafter return 
to Step S55. 

[01 38] Since a packet may not reach the communica- 
tion partner when sending the response request packet 
MC by UDP, if the response message MCR is not re- 
ceived until a lapse of a predetermined time after the 
response request command MC is sent, the transmission 
side terminal 1 1 judges a failure of the current measure- 
ment and starts the next response time RTT measure- 
ment (the process at Step S55 and succeeding Steps 
start). 

[0139] If it is judged at Step S56 that the respo nse mes- 
sage MCR is received, the flow advances to Step S58 
whereat the response reception unit 56 reads the re- 
sponse authentication data RRj and sequence number 
Cj contained in the received response message MCR, 
and supplies them to the response authentication unit 57. 
[0140] The response authentication unit 57 judges 
whether the sequence number Cj supplied from the re- 
sponse reception unit 56 matches with the value of the 
counter i (the sequence number Ci of the transmitted 
response request command MC). 



[0141] Description will be made later on the merit of 
confirming the sequence number Cj of the response mes- 
sage MCR and the sequence umber Ci of the response 
request command MC. 
5 [01 42] If it is judged at Step S58 do not match, the flow 
returns to Step S56 to execute Step S56 and succeeding 
Steps, whereas if it is judged to match, the flow advances 
to Step S59. 

[01 43] At Step S59 the response reception unit 56 sup- 
io pijes a notice END indicating that the response message 
MCR has been received, to the response time measure- 
ment unit 59. The response time measurement unit 59 
terminates the response time RTT measurement started 
at Step S55, and supplied the measurement result (re- 
ts sponse time RTT) to the control judgment unit 58. 

[0144] At Step S60 the response authentication unit 
57 judges whether the response authentication data RRj 
supplied from the response reception unit 56 matches 
with the expected value QRi for the authentication data 
20 RRj generated by the expected value generation unit 52. 
If it is judged to match, the reception side terminal 1 1 is 
authenticated as an authorized terminal of the informa- 
tion communication system to thereafter advance to Step 
S61. 

25 [0145] At Step S61 the contra I judgment unit 58 judges 
whether the response time RTT supplied from the re- 
sponse time measurement unit 59 is larger than the pre- 
determined prescribed time TL. 

[0146] The prescribed time TL is the time not longer 
30 than the response time RTT if the transmission side ter- 
minal 1 1 and the reception side apparatus are connected 
to the same LAN 1 . Namely, if the response time RTT is 
longer than the prescribed time TL, it can be judged that 
the reception side apparatus is not connected to the same 
35 LAN 1 as that of the transmission side terminal 1 1 . On 
the other hand, if the response time RTT is not longer (is 
equal to or shorter) than the prescribed time TL, it can 
be judged that the reception side apparatus is connected 
to the same LAN 1 as that of the transmission side ter- 
40 minal 1 1 . 

[0147] If it is judged at Step S61 YES (if it is judged 
from the response time RTT measurement at the i-th se- 
quence that the reception side apparatus is not connect- 
ed to the same LAN 1 as that of the transmission side 
<5 terminal 1 1 ), the flow advances to Step S62 whereat the 
control judgment unit 58 judges whether the value of the 
counter i is smaller than the value k (whether the re- 
sponse time RTT measurement is retried k times). If it is 
judged smaller (if the response time RTT measurement 
so is not performed k times), the flow advances to Step S63 
whereat the value of the counter i is incremented by 1. 
At this time, the expected value generation unit 52 sup- 
plies the response authentication unit 57 with the expect- 
ed value QRi corresponding to the new value of the coun- 
ts ter i, whereas the authentication data generation unit 53 
supplies the response request command transmission 
unit 55 with the authentication data RSi corresponding 
to the new value of the counter i. 
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[0148] Thereafter, the flow returns to Step S55 to ex- 
ecute Step S55 and succeeding Steps. Namely, the re- 
sponse time RTT measurement is performed k times at 
a maximum until the response message MCR, whose 
response time RTT is equal to or shorter than the pre- 
scribed time TL, is received. 

[0149] If it is judged as NO at Step S61 (if the response 
message MCR whose response time RTT is equal to or 
shorter than the prescribed time TL), the flow advances 
to Step S64. 

[0150] At Step S64the control judgment unit 58 notifies 
the communication unit 23 (Fig. 3) of that the reception 
side apparatus is an apparatus to which transmission 
data can be sent (an authorized apparatus connected to 
the same LAN 1 as that of the transmission side terminal 
11). The communication unit 23 reads predetermined 
transmission data from the transmission data storage unit 
24 and transmits it to the reception side apparatus (ter- 
minal 1 1). 

[0151] If it is judged at Step S62 that the value of the 
counter i is equal to or largerthan k (if the response whose 
response time RTT is equal to or shorter then the pre- 
scribed time TL is not obtained even if the response time 
RTT measurement is performed k times), the flow ad- 
vances to Step S65 whereat the control judgment unit 58 
notifies the control command communication control unit 
54 of that the reception side apparatus is an apparatus 
outside of the local network (an apparatus not connected 
to the same LAN 1 as that of the transmission side ter- 
minal 1 1). The control command communication control 
unit 54 transmits to the reception side apparatus the end 
command CC indicating that authentication of the recep- 
tion side apparatus failed. 

[0152] If it is judged at Step S60 that the response au- 
thentication data RRj does not match with its expected 
value QRi, the flow advances to Step S66 whereat the 
control judgment unit 58 notifies the control command 
communication unit 54 of that the reception side appa- 
ratus is an unauthorized apparatus. The control com- 
mand communication control unit 54 transmits to the re- 
ception side apparatus the end command CC indicating 
that authentication of the reception side apparatus failed. 
[01 53] The transmission grant j udgment process is ex- 
ecuted in the manner described above. 
[0154] In the above description, the k authentication 
data sets RS are generated at Step S53. Instead, at Step 
S55 each time the response request command MC is 
transmitted, the authentication data for the command 
may be generated. 

[01 55] Next, the operation of the response control unit 
22 of Fig. 1 0 will be described with reference to the flow 
chart of Fig. 12. 

[0156] AtStepS81 togetherwith the transmission side 
apparatus, the control response communication control 
unit 71 of the response control unit 22 of the reception 
side terminal 1 1 establishes a TCP connection and re- 
ceives the start command CC transmitted from the trans- 
mission side apparatus via the TCP connection (Step 



S51). The control response communication control unit 
71 supplies the expected value generation unit 72 and 
authentication data generation unit 73 with the random 
challenge RC contained in the received start command 
s CC. 

[0157] Next, at Step S82 the response request com- 
mand reception unit 75 determines a U DP port number 
pb to be used for receiving the response request com- 
mand MC transmitted from the transmission side appa- 
w ratus. 

[0158] The response request command reception unit 
75 also determines, as the number of retry times k for 
the current response time RTT measurement, a smaller 
one of the number of retry times ks for the response time 

'5 RTT measurement executable at the transmission side 
terminal TR contained in the start command CC and the 
number of retry times for the response time RTT meas- 
urement executable at the reception side terminal 1 1 . 
[0159] At Step S83 the control response communica- 

20 tion control unit 71 transmits the response message CCR 
to the transmission side apparatus via the TCP connec- 
tion established at Step S81 , the response message con- 
taining the session number SID, the number of retry times 
k for the response time RTT measurement and the UDP 

25 port number pb respectively contained in the control com- 
mand CC received at Step S81. The transmission side 
apparatus receives the transmitted response message 
CCR (Step S52). 

[01 60] At Step S84 the authentication data generation 
30 unit 73 executes a Keyed-hash process relative to the 
random challenge RC supplied from the control response 
communication control unit 71 , and generates the re- 
sponse authenticate data RR. 

[0161] In this example, since the response time RTT 

35 measurement is performed k times at a maximum (the 
response message MCR to the response request com- 
mand MC is transmitted k times at a maximum), the au- 
thentication data RR is generated for each of the trans- 
mitted k response messages MCR at a maximum. 

40 [0162] The expected value generation unit 72 makes 
the random challenge RC supplied from the control re- 
sponse communication control unit 71 be subjected to a 
Keyed-Hash process similar to the Keyed-Hash process 
by the transmission grant judgment unit 21 (authentica- 

45 tion data generation unit 53) of the transmission side ter- 
minal 1 1 , and generates the expected value QS for the 
authentication data of the transmission side terminal 1 1 . 
[0163] In this example, since the response time RTT 
measurement is performed a maximum of k times (the 

50 response request command MC is received a maximum 
of k times), the expected value QS is generated for each 
of the authentication data sets RS contained in the re- 
ceived k response request commands MC at a maximum. 
[0164] At Step S85 the value of a counter j built in the 

55 command authentication unit 76 is initialized to 1 . 

[0165] At Step S86 it stands by until a command is 
received, and when it Is judged that a command is re- 
ceived, the flow advances to Step S87 whereat it is 
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judged whether the received command is the response 
request command MC (Step S55). If it is judged as the 
response request command MC, the flow advances to 
Step S88. 

[0166] At Step S88, the sequence number Ci con- 
tained in the received command is compared with the 
counter j and it is confirmed whether the sequence 
number Ci is equal to or larger than the counter j. If the 
sequence number is equal to or larger than the counter 
j, the flow advances to Step S89 whereat the counter j is 
set to the value of the sequence number Ci. 
[0167] This is a countermeasure for making the coun- 
ter j match with the sequence number Ci, if the command 
is lost or does not income in the sequential sequence. 
[0168] At this time, the expected value generation unit 

72 supplies the command authentication unit 76 with the 
expected value QS corresponding to the value of the 
counter j (e.g., the expected value QSj generated at the 
j-th sequence). The authentication data generation unit 

73 supplies the response transmission unit 74 with the 
authentication data RRj corresponding to the value of the 
counter j. 

[0169] Next, at Step S90 the command authentication 
unit 76 judges whether the authentication data RSi as- 
sembled in the response request command MC received 
from the response request command reception unit 75 
matches with the expected value QSj generated by the 
expected value generation unit 72 (the expected value 
generated at the sequence indicated by the counter j). If 
it is judged to match, the transmission side terminal 1 1 
is authenticated as an authorized terminal of the infor- 
mation communication system to thereafter advance to 
Step S91 . 

[0170] At Step S91 the command authentication unit 
76 notifies the response transmission unit 74 of that the 
transmission side terminal 1 1 is the authorized appara- 
tus. Then, the response transmission unit 74 transmits 
to the transmission side apparatus the response mes- 
sage MCR which contains the session number SID, the 
sequence number Cj representative of the value of the 
counter j and the authentication data RRj supplied from 
the authentication data generation unit 73. 
[0171] On the other hand, if it is judged at Step S90 do 
not match, the flow advances to Step S92 whereat the 
command authentication unit 76 notifies this to the re- 
sponse transmission unit 74. Then, the response trans- 
mission unit 74 transmits to the transmission side appa- 
ratus a response message MCR containing the session 
number SID, the sequence number Cj representative of 
the value of the counter j, and authentication data RR (= 
XX) with which the transmission side apparatus fails the 
authentication of the reception side apparatus (Step 
S60). 

[0172] If the response message MCR is transmitted at 
Step S91 or Step S92, the value of the counter] is incre- 
mented by 1 at Step S93 and thereafter the flow returns 
to Step S86 to execute Step S86 and succeeding Steps. 
[0173] If it is judged at Step S88 that the value of the 



counter j is smaller than the sequence number Ci con- 
tained in the received command, the flow also returns to 
Step S86 to execute Step S86 and succeeding Steps. 
[0174] If it is judged at Step S87 that the received com- 
5 mand is not the response request command (if the re- 
ceived command is the end command CC (Steps S65 
and S66)), the process is terminated. 
[0175] Next, description will be made on the process 
at Step S58 shown in Fig. 11 . In the process at Step S58, 

10 it is judged whether the sequence number Cj of the re- 
sponse message MCR from the reception side apparatus 
matches with the sequence number Ci (the value of the 
counter i) of the response request command MC. Since 
the correspondence between the response request corn- 
's mand MC and the response message MCR is confirmed, 
the distance judgment by the response time RTT is not 
performed in accordance with the response message 
MCR not corresponding to the response request com- 
mand MC (the response message MCR of another re- 

20 sponse request command MC). 

[01 76] For example, as shown in Fig. 1 3, it is assumed 
that the reception side apparatus takes a long time to 
transmit the response message MCR corresponding to 
the first response request message (Steps S91 and S92) 

25 and that the transmission side terminal 1 1 judges as the 
timeout (Step S57) and transmits the second response 
request command MC to the reception side apparatus. 
It is also assumed that the response message MCR cor- 
responding to the first response request command MC 

30 is received at the transmission side terminal 11 (Step 
S56) after the second response request command MC 
is transmitted (Step S55) before the timeoutorthesecond 
response request command MC (Step S57). 
[0177] In the present invention, however, it is judged 

35 that the sequence number (= 1) of the first response mes- 
sage MCR from the reception side apparatus is do not 
match with the sequence number (= 2) of the second 
response request command MC. Therefore, the trans- 
mission side terminal 1 1 stands by (return to Step S56) 

to until the response message MCR corresponding to the 
second response request command MC is received, so 
that even if the response message not corresponding to 
the response request command is received, the distance 
judgment by the response time RTT is not performed. 

45 [01 78] Next, the operation of an unauthorized terminal 
1 1 will be described specifically. 
[0179] For example, it is assumed that the unauthor- 
ized apparatus x connected to the same LAN 1 as that 
of the transmitter shown in Fig. 8 transmits a response 

so request command in sequence to receive a response 
from the receiving apparatus. However, since the appa- 
ratus x does not have the secret key shared with the 
receiving apparatus, it cannot acquire the authentication 
data RS necessary for the authentication of the transmit- 

55 ter by the receiving apparatus. Therefore, as shown in 
Fig. 14, although the apparatus x transmits the response 
request command MC containing improper authentica- 
tion data RS (= ?), the receiving apparatus transmits the 
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response message MCR containing the authentication 
data RR (=xx) with which the authentication of the receiv- 
ing apparatus falls (Step S92). Even if the apparatus x 
transmits thereafter to the transmitter the response mes- 
sage MCR to the response request command MC sent 
from the transmitter, the apparatus x cannot be authen- 
ticated by the transmitter and the transmission data will 
not be transmitted to the apparatus x. 
[0180] It can be considered as shown in Fig. 15 that 
the unauthorized apparatus x receives the response re- 
quest command MC from the transmitter, transmits it to 
the receiving apparatus and acquires the response mes- 
sage MCR containing the proper authentication data RR 
and that the apparatus transmits the acquired response 
message MCR to the transmitter. 
[0181] However, in this case, the response request 
command MC is transmitted from the transmitter to the 
apparatus x and from the apparatus x to the receiving 
apparatus, and the response message MCR is transmit- 
ted from the receiving apparatus to the apparatus x and 
from the apparatus x to the transmitter. Therefore, the 
transmission paths of the response request command 
MC and the response message MCR become longer 
than the ordinary transmission path (transmission path 
between the transmitter and receiving apparatus). In this 
case therefore, since the response time RTT becomes 
longer than the prescribed time TL, the apparatus x is 
judged not connected to the same LAN 1 as that of the 
transmitter so that the apparatus x is not provided with 
the transmission data. 

[0182] Although an above-described series of proc- 
esses may be realized by hardware, they may be realized 
by software. If a series of processes are to be realized 
by software, the program constituting the software is in- 
stalled in a computer and the computer executes the pro- 
gram to functionally realize the above-described trans- 
mission grant judgment unit 21 and response control unit 
22. 

[0183] Fig. 1 6 is a block diagram showing the structure 
of a computer 1 01 according to an embodiment, the com- 
puter functioning as the transmission grant judgment unit 
21 and response control unit 22 described earlier. An 
input/output interface 1 1 6 is connected via a bus 1 1 5 to 
a CPU (Central Processing Unit) 1 1 1 . When a user inputs 
a command from an input unit 1 1 7 such as a keyboard 
and a mouse to CPU 111 via the input/output interface 
116, CPU 111 loads a program into a RAM (Random 
Access Memory) 113 and executes it to execute the 
above-described various processes. The program is 
stored in a storage medium such as: a ROM (Read Only 
Memory) 1 12; a hard disk 1 14; a magnetic disk 131, an 
optical disk 132, a magnetic optical disk 1 33 and a sem- 
iconductor memory 134 to be loaded on a drive 120. CPU 
1 1 1 outputs the processed results, when necessary, for 
example, to an output unit 118 such as an LCD (Liquid 
Crystal Display) via the input/output interface 1 1 6. The 
program may be stored in advance in the hard disk 114 
or ROM 1 12 to provide a user with the program bundled 



in the computer 1 01 , the program may be provided as 
package media such as the magnetic disk 1 31 , optical 
disk 132, magnetic optical disk 133 and semiconductor 
memory 134, or the program may be stored in the hard 
s disk 114 from a satellite, a network or the like via a com- 
munication unit 119. 

[0184] In this specification, steps describing the pro- 
gram provided by a recording medium contain not only 
a process to be executed time sequentially in the se- 
re quence of written statements but also a process to be 
executed parallel or independently without being proc- 
essed time sequentially. 

[0185] In this specification, a system may designate 
an entire apparatus constituted of a plurality of appara- 
15 tuses. 

Industrial Applicability 

[01 86] According to the first and third inventions, a re- 
sponse time of a receiving apparatus can be measured 
properly. 

[01 87] According to the second and fourth inventions, 
information can be provided which is necessary for a 
transmitter to properly measure a response time. 



Claims 

1 . An information processing apparatus characterized 
by comprising: 

command transmission means for transmitting 
a command for requesting for a response to a 
receiving apparatus after authentication data is 
generated in accordance with shared data 
shared with said receiving apparatus; 
authentication means for authenticating said re- 
ceiving apparatus in accordance with an expect- 
ed value generated based on said shared data 
and said authentication data generated at said 
receiving apparatus; 

measurement means for measuring a response 
time taken by said receiving apparatus to re- 
spond to said command; and 
judgment means for judging whether data trans- 
mission to said receiving apparatus is granted 
or not, in accordance with an authentication re- 
sult by said authentication means and the re- 
sponse time measured by said measurement 
means. 

2. The information processing apparatus recited in 
claim 1, wherein: 

said command transmission means transmits 
said command a maximum of N times to judge 
whether the data transmission is granted or not; 
and 
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said authentication means authenticates said 
receiving apparatus in accordance with said au- 
thentication data corresponding to a transmis- 
sion sequence of said command and a corre- 
sponding one of said expected value. s 

3. An information processing method characterized 
by comprising: 

a command transmission step of transmitting a io 
command for requesting for a response to a re- 
ceiving apparatus after authentication data is 
generated in accordance with shared data 
shared with said receiving apparatus,; 
an authentication step of authenticating said re- *s 
ceiving apparatus in accordance with an expect- 
ed value generated based on said shared data 
and said authentication data generated at said 
receiving apparatus; 

a measurement step of measuring a response 20 
time taken by said receiving apparatus to re- 
spond to said command; and 
a judgment step of judging whether data trans- 
mission to said receiving apparatus is granted 
or not, in accordance with an authentication re- 25 
suit by said authentication step and the re- 
sponse time measured at said measurement 
step. 

4. A recording medium recording a program readable so 
by a computer, the program characterized by com- 
prising: 

a command transmission control step of control- 
ling transmission of a command for requesting 35 
for a response to a receiving apparatus after au- 
thentication data is generated in accordance 
with shared data shared with said receiving ap- 
paratus; 

an authentication control step of controlling au- <o 
thentication of said receiving apparatus in ac- 
cordance with an expected value generated 
based on said shared data and said authentica- 
tion data generated at said receiving apparatus; 
a measurement control step of controlling meas- 45 
urement a response time taken by said receiving 
apparatus to respond to said command; and 
a judgment control step of controlling judgment 
whether data transmission to said receiving ap- 
paratus is granted or not, in accordance with an so 
authentication result by said authentication con- 
trol step and the response time measured at said 
measurement control step. 

5. Aprogramformakingacomputerexecuteaprocess, ss 
the process characterized by comprising: 

a command transmission control step of control- 



ling transmission of a command for requesting 
for a response to a receiving apparatus after au- 
thentication data is generated in accordance 
with shared data shared with said receiving ap- 
paratus; 

an authentication control step of controlling au- 
thentication of said receiving apparatus in ac- 
cordance with an expected value generated 
based on said shared data and said authentica- 
tion data generated at said receiving apparatus; 
a measurement control step of controlling meas- 
urement a response time taken by said receiving 
apparatus to respond to said command; and 
a judgment control step of controlling judgment 
whether data transmission to said receiving ap- 
paratus is granted or not, in accordance with an 
authentication result by said authentication con- 
trol step and the response time measured at said 
measurement control step. 

6. An information processing apparatus capable of 
communicating with a transmitting apparatus which 
judges whether data transmission is granted or not, 
in accordance with an authentication result based 
on authentication data generated from shared data 
shared with said transmitting apparatus and a re- 
sponse time to a predetermined command from said 
transmitting apparatus, the information processing 
apparatus characterized by comprising: 

authentication data generation means for gen- 
erating said authentication data by subjecting 
said shared data to a predetermined process, 
before said command is transmitted from said 
transmitting apparatus; 

response message generation means for gen- 
erating a response message to said command 
before said command is transmitted from said 
transmitting apparatus, said response message 
including said authentication data generated by 
said authentication data generation means; and 
transmission means for transmitting said re- 
sponse message to said transmitting apparatus 
when said command transmitted from said 
transmitting apparatus is received. 

7. The information processing apparatus recited in 
claim 6, characterized in that: 

said shared data is a quasi random number; 
said quasi random number is transmitted from 
said transmitting apparatus before said com- 
mand is transmitted; and 
said authentication data generation means sub- 
jects said quasi random number to a Keyed- 
Hash process and a resultant Hash value is used 
as said authentication data. 
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8. The information processing apparatus recited in 
claim 7, characterized In that: 

said authentication data generation means ex- 
ecutes a Keyed-Hash process relative to said 5 
quasi random number and information specific 
to the information processing apparatus and us- 
es a resultant Hash value as said authentication 
data. 

9. The information processing apparatus recited in 
claim 6, characterized In that: 

if said command is transmitted from said trans- 
mitting apparatus a maximum of N times to judge 
whether data transmission is granted or not; 
said authentication data generation means ex- 
ecutes said process relative to said shared data 
before a first one of said command is transmitted 
from said transmitting apparatus and generates 
N sets of said authentication data corresponding 
to N sets of said command to be transmitted; and 
said transmission means transmits said re- 
sponse message generated by said response 
message generation means to said transmitting 
apparatus in such a manner that N sets of said 
authentication data are supplied to said trans- 
mitting apparatus in a sequence agreed before- 
hand with said transmitting apparatus. 

10. The information processing apparatus recited in 
claim 9, characterized In that: 

said authentication data generation means di- 
vides the data obtained by subjecting said 
shared data to said process into a plurality of 
data pieces and generates N sets of said au- 
thentication data from the divided data. 

11. The information processing apparatus recited in 
claim 9, characterized in that: 

said authentication data generation means gen- 
erates N sets of said authentication data from 
data obtained at each process of repetitively ex- 
ecuting said process relative to said shared da- 
ta. 

12. The information processing apparatus recited in 
claim 6, characterized in that: 

when said command from said transmitting ap- 
paratus is received, said transmission means 
transmits a response message to said transmit- 
ting apparatus, said response message contain- 
ing new authentication data generated from said 
authentication data and information contained 
in said command. 



1 3. An information processing method for an information 
processing apparatus capable of communicating 
with a transmitting apparatus which judges whether 
data transmission is granted, in accordance with an 
authentication result based on authentication data 
generated from shared data shared with said trans- 
mitting apparatus and a response time to a prede- 
termined command from said transmitting appara- 
tus, the information processing method character- 
ized by comprising: 

an authentication data generation step of gen- 
erating said authentication data by subjecting 
said shared data to a predetermined process, 
before said command is transmitted from said 
transmitting apparatus; 

a response message generation step of gener- 
ating a response message to said command be- 
fore said command is transmitted from said 
transmitting apparatus, said response message 
including said authentication data generated by 
a process at said authentication data generation 
step; and 

a transmission step of transmitting said re- 
sponse message to said transmitting apparatus 
when said command transmitted from said 
transmitting apparatus is received. 

14. A recording medium recording a program readable 
by a computer for communicating with a transmitting 
apparatus which judges whether data transmission 
is granted, in accordance with an authentication re- 
sult based on authentication data generated from 
shared data shared with said transmitting apparatus 
and a response time to a predetermined command 
from said transmitting apparatus, the program char- 
acterized by comprising: 

an authentication data generation control step 
of controlling generation of said authentication 
data by subjecting said shared data to a prede- 
termined process, before said command is 
transmitted from said transmitting apparatus; 
a response message generation control step of 
controlling generation of a response message 
to said command before said command is trans- 
mitted from said transmitting apparatus, said re- 
sponse message including said authentication 
data generated by a process at said authentica- 
tion data generation step; and 
a transmission control step of controlling trans- 
mission of said response message to said trans- 
mits ng apparatus when said command transmit- 
ted from said transmitting apparatus is received. 

1 5. A program for making a computer execute a process 
and communicating with a transmitting apparatus 
which judges whether data transmission is granted, 
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in accordance with an authentication result based 
on authentication data generated from shared data 
shared with said transmitting apparatus and a re- 
sponse time to a predetermined command from said 
transmitting apparatus, the program characterized 5 
by comprising: 

an authentication data generation control step 
of controlling generation of said authentication 
data by subjecting said shared data to a prede- 
termined process, before said command is 
transmitted from said transmitting apparatus; 
a response message generation control step of 
controlling generation of a response message 
to said command before said command is trans- 
mitted from said transmitting apparatus, said re- 
sponse message including said authentication 
data generated by a process at said authentica- 
tion data generation step; and 
a transmission control step of controlling trans- 
mission of said response message to said trans- 
mitting apparatus when said command transmit- 
ted from said transmitting apparatus is received. 

16. An information processing apparatus characterized 
by comprising: 

authentication data generation means for gen- 
erating command authentication data and re- 
sponse expected value data from shared data 
shared with a receiving apparatus; 
command transmission means for transmitting 
a command for requesting for a response to said 
receiving apparatus, said command containing 
said command authentication data; 
response reception means for receiving a re- 
sponse to said command from said receiving ap- 
paratus; 

authentication means for authenticating said re- 
ceiving apparatus in accordance with said re- 
sponse expected value and said response au- 
thentication data contained in said response re- 
ceived from said receiving apparatus; 
measurement means for measuring a response 
time taken by said receiving apparatus to re- 
spond to said command; and 
judgment means forjudging whether data trans- 
mission to said receiving apparatus is granted 
or not, in accordance with an authentication re- 
sult by said authentication means and the re- 
sponse time measured by said measurement 
means. 

17. The information processing apparatus recited in 
claim 16, characterized in that: 

said command transmission means transmits 
said command a maximum of k times to judge 



whether data transmission is granted; and 
said authentication means authenticates said 
receiving apparatus in accordance with said au- 
thentication data corresponding to a transmis- 
sion sequence of said command and a corre- 
sponding one of said expected value. 

18. An information processing method characterized 
by comprising: 

an authentication data generation step of gen- 
erating command authentication data and re- 
sponse expected value data from shared data 
shared with a receiving apparatus; 
a command transmission step of transmitting a 
command for requesting for a response to said 
receiving apparatus, said command containing 
said command authentication data; 
a response reception step of receiving a re- 
sponse to said command from said receiving ap- 
paratus; 

an authentication step of authenticating said re- 
ceiving apparatus in accordance with said re- 
sponse expected value and response authenti- 
cation data contained in said response received 
from the receiving apparatus; 
a measurement step of measuring a response 
time taken by said receiving apparatus to re- 
spond to said command; and 
a judgment step of judging whether data trans- 
mission to said receiving apparatus is granted 
or not, in accordance with an authentication re- 
sult by said authentication step and said re- 
sponse time measured by said measurement 
step. 

19. A recording medium recording a program readable 
by a computer, the program characterized by com- 
prising: 

an authentication data generation step of gen- 
erating command authentication data and re- 
sponse expected value data from shared data 
shared with a receiving apparatus; 
a command transmission step of transmitting a 
command for requesting for a response to said 
receiving apparatus, said command containing 
said command authentication data; 
a response reception step of receiving a re- 
sponse to said command from said receiving ap- 
paratus; 

an authentication step of authenticating said re- 
ceiving apparatus in accordance with said re- 
sponse expected value and said response au- 
thentication data contained in said response re- 
ceived from said receiving apparatus; 
a measurement step of measuring a response 
time taken by said receiving apparatus to re- 
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spond to said command; and 
a judgment step of judging whether data trans- 
mission to said receiving apparatus is granted 
or not, in accordance with an authentication re- 
sult by said authentication step and the re- 5 
sponse time measured by said measurement 
step. 

20. A program for making a computer execute a process, 

the process characterized by comprising: 10 

an authentication data generation step of gen- 
erating command authentication data and re- 
sponse expected value data from shared data 
shared with a receiving apparatus; is 
a command transmission step of transmitting a 
command for requesting for a response to said 
receiving apparatus, said command containing 
said command authentication data; 
a response reception step of receiving a re- 20 
sponse to said command from said receiving ap- 
paratus; 

an authentication step of authenticating said re- 
ceiving apparatus in accordance with said re- 
sponse expected value and said response au- 25 
thentication data contained in said response re- 
ceived from said receiving apparatus; 
a measurement step of measuring a response 
time taken by said receiving apparatus to re- 
spond to said command; and 30 
a judgment step of judging whether data trans- 
mission to said receiving apparatus is granted 
or not, in accordance with an authentication re- 
sult by said authentication step and the re- 
sponse time measured by said measurement 35 
step. 

21. An information processing apparatus capable of 
communicating with a transmitting apparatus which 
judges whether transmission of transmission data is *o 
granted or not, in accordance with a response time 

to a predetermined command, the information 
processing apparatus characterized by compris- 
ing: 

45 

generation means for generating, from shared 
data shared with said transmitting apparatus, 
command expected value data and response 
authentication data respectively corresponding 
to authentication data of said command gener- so 
ated at said transmitting apparatus from said 
shared data; 

authentication means for authenticating said 
transmitting apparatus in accordance with au- 
thentication data of said command contained in ss 
said command and said command expected val- 
ue data generated by said generation means, 
when said command transmitted from said 



transmitting apparatus is received; and 
transmission means for transmitting a response 
containing said response authentication data to 
said transmitting apparatus, in accordance with 
an authentication result by said authentication 
means. 

22. An inf ormation processing method for an information 
processing apparatus capable of communicating 
with a transmitting apparatus which judges whether 
transmission of transmission data is granted or not, 
in accordance with a response time to a predeter- 
mined command, the information processing meth- 
od characterized by comprising: 

a generation step of generating, from shared da- 
ta shared with said transmitting apparatus, com- 
mand expected value data and response au- 
thentication data respectively corresponding to 
authentication data of said command generated 
at said transmitting apparatus from said shared 
data; 

an authentication step of authenticating said 
transmitting apparatus in accordance with au- 
thentication data of said command contained in 
said command and said command expected val- 
ue data generated by a process of said gener- 
ation step, when said command transmitted 
from said transmitting apparatus is received; 
and 

a transmission step of transmitting a response 
containing said response authentication data to 
said transmitting apparatus, in accordance with 
an authentication result by a process of said au- 
thentication step. 

23. A recording medium recording a program readable 
by a computer, the program for information process- 
ing of an information processing apparatus capable 
of communicating with a transmitting apparatus 
which judges whether transmission of transmission 
data is granted, in accordance with a response time 
to a predetermined command, the program charac- 
terized by comprising: 

a generation step of generating, from shared da- 
ta shared with said transmitting apparatus, com- 
mand expected value data and response au- 
thentication data respectively corresponding to 
authentication data of said command generated 
at said transmitting apparatus from said shared 
data; 

an authentication step of authenticating said 
transmitting apparatus in accordance with au- 
thentication data of said command contained in 
said command and said command expected val- 
ue data generated by a process of said gener- 
ation step, when said command transmitted 
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from said transmitting apparatus is received; 
and 

a transmission step of transmitting a response 
containing said response authentication data to 
said transmitting apparatus, in accordance with 5 
an authentication result by a process of said au- 
thentication step. 

24. A program for making a computer execute a process, 
the program for information processing of an infor- »o 
mation processing apparatus being capable of com- 
municating with a transmitting apparatus which judg- 
es whether transmission of transmission data is 
granted or not, in accordance with a response time 
to a predetermined command, the process charac- *5 
terlzed by comprising: 

a generation step of generating, from shared da- 
ta shared with said transmitting apparatus, com- 
mand expected value data and response au- 20 
thentication data respectively corresponding to 
authentication data of said command generated 
at said transmitting apparatus from said shared 
data; 

an authentication step of authenticating said 2s 
transmitting apparatus in accordance with au- 
thentication data of said command contained in 
saidcommand and said command expected val- 
ue data generated by a process of said gener- 
ation step, when said command transmitted 30 
from said transmitting apparatus is received; 
and 

a transmission step of transmitting a response 
containing said response authentication data to 
said transmitting apparatus, in accordance with 35 
an authentication result by a process of said au- 
thentication step. 
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FIG. 5 



START TRANSMISSION GRANT JUDGING 
PROCESS (TRANSMISSION SIDE) 



START RESPONSE PROCESS 
(RECEPTION SIDE) 



GENERATE RANDOM CHALLENGE | SI 

I ¥ iS2 
I TRANSMIT RANDOM CHALLENGE | 



GENERATE EXPECTED VALUES 
FOR N AUTHENTICATION 
DATA PIECES 



S3 



1 


t S21 


RECEIVE RANDOM 
CHALLENGE 



S22 



RECEIVE RC RECEPTION 
MESSAGE 

y 



S4 



COUNTER i 



1 



S5 



GENERATE N 
AUTHENTICATION 
DATA PIECES 



S23 



TRANSMIT RC RECEPTION 
MESSAGE 



TRANSMIT COMMAND 



START RESPONSE TIME 
MEASUREMENT 



S6 



S7 



± 



S24 



RECEIVE RESPONSE 
MESSAGE 



TERMINATE RESPONSE TIME 
MESSAGE MEASUREMENT 
I 

AUTHENTICATION DATA 
EXPE CTED VALU ES ? 

. S11 

K frESPONSE TIME < = TL 



S8 



S9 



S10> — T 
X^AUT 



Fa\no 

1/1 



COUNTER j — 1 



S25 



GENERATE RESPONSE 
MESSAGE INCLUDING 
AUTHENTICATION DATA 



S26 



S15 



I NO 



i + 1 



NO 



<t = N + 1 ?> 
YES |* 



S12 
S13 



RECEIVE RESPONSE 
MESSAGE 

I 



S27 



TRANSMIT RESPONSE 
MESSAGE 



TRANSMISSION 
REJECTED 



TRANSMISSION 
GRANTED 



S14 



S16 



TRANSMIT JUDGEMENT 
COMPLETION MESSAGE 



S28 



YES, 



JUDGEMENT COMPLETION 
MESSAGE RECEIVED ? 



jNO 
l j-j + 1 



S30 



<j = N + 1 ?> 
YES 



S29 
NO 



C END ) 



( END ) 



26 



EP 1 650 671 A1 




27 



EP 1 650 671 A1 




28 



EP 1 650 671 A1 




29 



EP 1 650 671 A1 



O 
LL- 



csj' 



O 

cr 

Q 

O 
O 



a 
a 

CO 

>— ^ 
cr 
o 
o 



LO 



Q 
2 

2 o i_ 

3 



O ^ 



o ^ o 
tr 2 q: 



o o o 
o o o 



5-" 



CO 

tr 
a 
cT 

o 



<o 

LU 

O 

LU 
£T 

UJ Q 
2 << 

o 5 
a. ^ 

LU O 

cr o 



CO 

s 

CO 



co 
cr 



2 O 

si 

O 



X < 
Z) < 

< a 



LU 

a 

is 

o 2 
^ i— 

I 2 

O LU 
2 2 
< LU 

cr o 



a 
o 

LU 
CL 
X 
LU 



o 

p 

s 

LU 

2 

LU 

a 



cr 
cr 

a 
9 

CO 

o 



cr 

co 



Q. 
LU 
O 
LU 

cr 

LU 
CO 
2 
O 

a. . 
co tz 

UJ 2 
DC Z> 



o 
cr 
cr 



cr 
o 



LO 



.CO 
LO 



LU 
CO 
2 
O 
Q- 
00 



2 
O 
P 
< 

o 

p 

2 

LU 
X 

< 



ooyl 

LO 



LU 

o 



O 

cr 



o 
o 



cr 



<y>A 

io 



LU 



r- LU 

LU S 

CO LU 

2 cr 

o ^ 

CL CO 

CO < 

UJ LU 

cr S 



30 



EP 1 650 671 A1 



o 

d 



o 
cr 



CM 



LU 


fc 


ID 


Z 


I 


Z> 






o 


o 


LU 






1 


o 




LU 


LU 


a 


z 


X 


LU 


LU 


o 



CO 

a 



CO 



O 

P 
< 



< 



O LU 

h- I— t 

3 < Z 

< O 3 



0£ 

cr 



LU 
00 

z 
o 

Q_ 
00 



o 
cr 



IS 



z 2 z 
o o o 
o o o 



o 



O 
Q. 
00 
UJ 

cr 



o 

< 
Q 2 



LU 

1ft 



.CO 

r- 



O 
O 



3 



CO 



00 
UJ 

5 < P 

O $ CL 

0L ^ LU 

co s a 

LU O LU 

dc o cr 



.in 
r- 



a 

in 
Q 

53 

a 
a 



jQ 
D- 

Q 

CT 
O 
O 



cr 

cT 
a 

CO 

o 



CO 

cr 

a 
cf 
oo 
a 



31 



EP 1 650 671 A1 



FIG. 1 1 
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FIG. 1 3 
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